Getting 403 and "account is disabled and can't accept package uploads" when attempting to publish

So I’ve got a monorepo that I’m trying to publish (NPM) packages from. Using Yarn, and publishing to GH packages. Fully authorised, using a PAT.

Attempted to publish today, and got 403 errors. There are some similar posts on the forum, but they seem to mainly refer to Actions-related stuff.

Each package’s manifest file has this block:

...snip
	"version": "1.3.0",
	"main": "lib/index.js",
	"types": "lib/types/index.d.ts",
	"files": [
		"lib/**/*"
	],
	"public": true,
	"publishConfig": {
		"registry": "https://npm.pkg.github.com/"
	},
	"repository": "https://github.com/thingco/shared-frontend-libs"
...snip

And the .yarnrc file has these configurations set (same effect as the configs in a .npmrc file):

npmAlwaysAuth: false
npmAuthToken: "${GITHUB_PACKAGES_READ_WRITE_TOKEN}"
npmPublishAccess: public
npmPublishRegistry: "https://npm.pkg.github.com"

Where GITHUB_PACKAGES_READ_WRITE_TOKEN is my PAT stored as an env var.

So I regenerated the PAT, with the correct access permissions as specified in the packages guide. I logged back in, so

yarn npm login --scope=thingco --publish

Which worked – asks for a username, then asks for the token, then I get notified of successful GH authentication.

Then ran

yarn npm publish

Which runs the prepack stuff, then gives me a failure with the message:

➤ YN0035: The "thingco" account is disabled and can't accept package uploads.
➤ YN0035:   Response Code: 403 (Forbidden)
➤ YN0035:   Request Method: PUT
➤ YN0035:   Request URL: https://npm.pkg.github.com/@thingco%2fauth-flows
➤ YN0000: Failed with errors in 2s 154ms

The last successful publish was last week. I’d changed build systems, and possibly borked something for downloads (they still published at that point, I just couldn’t install the resulting packages): the first sign something was wrong was that the published packages failed to install and threw 404s. This may be unrelated, it may just be a bad config. But equally, this could also be connected to the above issue.